We live in a world that runs on code. Software is everywhere. There are lot of factors that influence the success of a software development project. Effective collaboration among different development teams and security team is surely one of key ingredients. Because of development teams working from different locations, it becomes utmost important to establish the authorship, maintain the integrity and do that in a secure manner.
It is important for customers, both internal and external, to trust the software that they use or download, that it is coming from an authentic source and not from someone masquerading.
Secure code signing is the practice of digitally signing a piece of software (or firmware) and serves two purposes:
- To ensure the authenticity, that end users can identify its source (the author of the software)
- The integrity, to verify that the code hasn’t been altered since it was published.
Often, the code signing process is manual, and it becomes difficult for developers to sign thousands of files per day manually. Most software developers and IoT manufacturers recognize the need for signed applications, but often faces challenges while implementing code signing securely. Signing code without protecting your cryptographic keys and certificates can expose you to more risk than no code signing at all.
Because these digital certificates and keys are lucrative targets and attackers seek to compromise them to sign and distribute malicious code masked as legitimate software or firmware.
The trust and integrity of software hinges entirely on the security of the code signing keys but keeping them secure is no simple task. Consider:
- Security vs Speed: Security and public key infrastructure (PKI) teams would prefer to isolate and lock down private code signing keys, but developers still need quick access to sign code and push it to production.
- Dispersed Dev: Development teams today work across globally dispersed locations. Code signing keys are often left within reach of hackers on developer workstations and build servers.
- No Disruption: In DevOps, frequent incremental software builds is the base. Any changes to the Software Development Lifecycle (SDLC) can introduce risk and delay time to market.
Whether you consume software or build it, your business must take steps to prevent your keys and certificates from falling into the wrong hands.
Some best practices to ensure secure code signing
Protecting Private Keys
The burden to sign code often falls on developers – people who are responsible for writing code, not ensuring security. As a result, private signing keys wind up in unsecured network locations where they can be extracted by attackers to sell or create code-signed malwares.
The way to do is by finding how many code signing keys and certificates an organization have, where they are and how they are stored. Locate and transfer all private keys into a FIPS 140-2 Level 2 certified hardware security module (HSM) to prevent attackers from gaining physical or logical access.
Integrate with DevOps
Security is only effective with adoption. Code signing should be a collaborative responsibility between security and development teams to achieve mutual goals to protect keys without disrupting the SDLC. The way to achieve this is by Integrating code signing processes with existing developer tools and workflows.
Enforcing access controls
Ensure that only the right developers can sign the right code with the right key, and at the right time. By enforcing access controls and signing policies, enterprises can ensure that, even if a hacker breaches the network, they cannot compromise the code signing infrastructure.
Continuously Monitor & Audit
Certificates expire, keys and algorithms weaken over time, and threats continue to evolve. Stay ahead of these risks by continuously monitoring the status of code signing certificates, the strength of algorithms used, and all code signing activities. Regularly log and audit the usage of keys to paint complete picture and ensure nothing is missed.
Using a malware scanner
If a hacker breaches your developer network, they don’t necessarily need to steal your keys. By gaining access to a build server or developer workstation with access to code signing infrastructure, hackers can simply submit malware to be signed and distributed without detection.
Ready to get started?
Aujas CodeSign is a DevOps ready solution for large scale signing of software objects, firmware, patches, updates, macros, device drivers or configuration files and help you tackle with code signing challenges.
CodeSign is an automated and globally accessible solution with enterprise grade malware scanner to inspect files for malware. It establishes a high state of security on Private Keys using Cloud HSM and Role-based approval provides complete control over every code signing activity. IT or Security professionals can use it for signing of internally approved software for whitelisting, CodeSign is delivered as a SaaS offering with the option of running on public or customer’s private cloud (AWS). It is a developer friendly solution with easy CLI integration and supports all commonly used forms of signing filetypes and Operating system.
Want to learn more? Schedule a demo today.